RE: Returned Mails

["Ricardo Saramago" <admin () ricardosaramago com>]

That's normal behavior for the Netsky virus. This virus uses all the email
adresses it can to replicate itself, generaly it uses the ones available in
the windows adress book, so if someone you know has your email in his/her
ad. Book, the virus will use it as sender id. IDS's, firewalls and corporate
anti virus usually notify the sender that he/she has a virus... It's whats's
happening to you. I get this all the time, and my pc is clean, I even get
this with an account I only use in Linux, so it's impossible it's infected.

Cheers,

R.

-----Original Message-----
From: Guru4u Support [mailto:support () guru4u co uk]
Sent: segunda-feira, 26 de Abril de 2004 18:56
To: security-basics () securityfocus com
Subject: Returned Mails

Hi,

This is probably a stupid question but I could do with some confirmation of
what I think is happening. I've been receiving a lot of 'return' emails
claiming they have been returned as I have a virus. Example below:


A virus was found in a message sent by this account.

--- Scan information follows ---

Result: Virus Detected
Virus Name: W32.Netsky.C@mm
File Attachment: posting.txt.com
Attachment Status: deleted

--- Original message information follows ---

From: *************@guru4u.co.uk
To: ********.com
Date: Fri, 23 Apr 2004 23:32:12 +0100
Subject: SPAM: the truth?
Received: from netcel.com ([80.42.154.232])  by nospam.netcel.com (SAVSMTP
3.1.0.29) with SMTP id M2004042323185126674  for ********.com>; Fri, 23 Apr
2004 23:18:52 +0100



I have up to now guessed these were down to 'someone' else's pc infected
with netsky or mydoom but after a lull I have been bombarded with loads of
such mails over the course of the day.

I would just like some reassurance that this is indeed due to other people
infected boxes rather mine. I have of course run several full system scans
with Norton av with the latest definitions etc and do use a firewall, Spybot
etc.

I've googled and this starts to confirm my suspicions but isn't authorative.

Thanks in advance,

Guru



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------